<?php
require('./config.php');

$rqt = $db->prepare("SELECT id FROM staff WHERE login = :login AND mdp = MD5(:mdp)");
$rqt->bindParam(':login', $_POST['p_login'], PDO::PARAM_STR);
$rqt->bindParam(':mdp', $_POST['p_mdp'], PDO::PARAM_STR);
$rqt->execute();
$res = $rqt->fetch(PDO::FETCH_ASSOC);

if ($res === false) {
	setcookie($event_tag, NULL, -1);
	die("Erreur d'identification");
}else{
	$opkey = "2".time()."2";
	$rqt = $db->prepare("UPDATE staff SET opkey=:opkey WHERE login = :login AND mdp = MD5(:mdp)");
	$rqt->bindParam(':login', $_POST['p_login'], PDO::PARAM_STR);
	$rqt->bindParam(':mdp', $_POST['p_mdp'], PDO::PARAM_STR);
	$rqt->bindParam(':opkey', $opkey, PDO::PARAM_STR);
	$rqt->execute();

	setcookie($event_tag, $opkey, time()+60*60);
	header("Location: ./index.php");
}

?>
